Skip to main content

Add the Windows Agent as a Trusted Entity for Firewall and Antivirus Applications

Lacework recommends adding the agent as a trusted entity to the Windows firewall and antivirus applications on your host machine to reduce the scan duration and resource usage.

While high configuration systems (16vCPU or better) may not experience any issues during scanning by the agent, lower configuration systems may experience high scan time and large CPU consumption from antivirus applications during the agent scanning. Specifying the Lacework agent as a trusted entity to the Windows firewall and antivirus applications can reduce this issue.

Add the Agent as an Allowed Application for Windows Firewall

  1. Log in to your Windows host machine as administrator.

  2. Select Start > Windows Security > Firewall & network protection.

  3. Click Allow an app through firewall.

    windows-agent-gcp-compute-engine.png

  4. Click Allow another app.

  5. Click Browse, select the LWDataCollector.exe file at C:\Program Files\Lacework, then click Open.

  6. Click Add to add the Lacework Agent application.

  7. Select the Lacework Agent checkbox in the list of Allowed apps and features.

  8. Select the checkbox for the type of network (Public and Private) the Lacework Agent application can access.

  9. Click OK.

Add the Agent in the Windows Defender Exclusions List

  1. Log in to your Windows host machine as administrator.

  2. Select Start > Windows Security > Virus & threat protection > Virus & threat protection settings > Manage settings.

  3. Under Exclusions, click Add or remove exclusions. The Exclusions window appears.

    windows-agent-gcp-compute-engine.png

  4. Click Add an exclusion. A list of exclusion types appears.

  5. Select File, select the LWDataCollector.exe file at C:\Program Files\Lacework, then click Open.

  6. Repeat steps 4 and 5 to add the following files in the exclusion list:

    • C:\Program Files\Lacework\LWUpgrade.exe
    • C:\Program Files\Lacework\osqueryi.exe
    • C:\Windows\System32\drivers\lwdcs.sys

Add the Agent in the Exclusions List for Other Antivirus Applications

Ensure that you have added the following files in the exclusions list for other antivirus applications running on your host machine. Refer to the documentation for your antivirus application for more information.

  • C:\Program Files\Lacework\LWDataCollector.exe
  • C:\Program Files\Lacework\LWUpgrade.exe
  • C:\Program Files\Lacework\osqueryi.exe
  • C:\Windows\System32\drivers\lwdcs.sys